5 ways to protect your business from bad cloud contracts

Though contracts typically favor providers, it’s possible for businesses to negotiate cloud contracts that better protect them against the risks of cloud computing. Here’s some help.

Thanks to legal factors and market influences, it’s becoming easier for a business to negotiate more favorable contracts with cloud providers, according to a recent study conducted by the Cloud Legal Project (CLP) at the Centre for Commercial Law Studies at Queen Mary, University of London.

Based on interviews with cloud providers, cloud users, law firms and other organizations, the research found that the standard service terms offered most often favored the provider. Some of the cloud contracts analyzed were even potentially non-compliant with regulations covering the customer, and some were invalid or unenforceable. However, as both customers and vendors are becoming more knowledgeable, providers are becoming more flexible in negotiating terms with customers.

Right now, larger organizations have had the best luck negotiating cloud contracts, as they have more power to demand changes. While the developments those companies force will trickle down to other customers, smaller businesses are having a harder time negotiating right now, the report says.

What can businesses do to negotiate better cloud contracts that offer lower prices and better protection against data loss, downtime and compliance issues? Here’s some advice from the CLP researchers and other cloud experts:

1. Have a formal process for signing up for cloud services

While providers are becoming more flexible in their terms, research shows only about half of cloud computing customers actually negotiate their contracts. One reason may be that many businesses fall into what CLP calls the “click-through trap.” That refers to the process of signing up for a service online, in which customers are simply required to click a button to accept the standard terms, without a chance to negotiate.

In some cases, an employee even signs up for a service and agrees to those terms, and then the company will unsuccessfully try to negotiate after the fact. CLP recommends all applicable departments (IT, finance, legal, etc.) read those terms carefully before anyone signs up, and then have someone call to negotiate if necessary.

2. Choose your battles

Ordering priorities when negotiating a cloud contract will make it more likely that the organization gets the concessions that matter most. What are the most important items in a cloud contract to negotiate? According to CLP’s study, the issues most often negotiated are:

Remedies and liability for problems such as data loss and down time

Service level, availability and up-time guarantees

Security and privacy, especially as mandated by laws and regulations

Termination rights and return of data on exit

Protection against unilateral changes to service features, and

Intellectual property rights.

3. Try different approaches

For many of those factors, there are various ways companies can go about getting what they need. For example, though a provider may not budge on the percentage stated in a service level guarantee, the company may be able to negotiate more favorable terms for when the service level agreement is breached.

Before negotiating, it’s important to know what the company hopes to get, with acceptable back-ups if those ideas are shot down.

When negotiating the security and privacy aspects of a cloud contract, here is a checklist of some of the issues to keep in mind:

Notification — Get notified of all security incidents involving the provider, even if it doesn’t affect your data.

Audits and testing — Many experts recommend companies conduct penetration testing against a provider before signing a contract and negotiate the ability to conduct regular security audits.

Liability — Though the standard contracts in CLP’s study often didn’t hold providers liable if data was breached, many cloud customers were able to get providers to accept capped liability for breaches.

5. Give yourself a way out

One of the most important things to negotiate in a cloud contract is an exit plan. Making sure your company isn’t strong-armed into sticking with the provider will make it easier to negotiate in the future or leave for a better deal, if necessary.

Here are some of the things organizations should consider trying to include in a cloud contract:

Termination rights after changes — Contracts should allow companies to terminate service without penalty if the provider makes significant changes to what’s being delivered.

Opt-out after one year — Some providers offer discounts for customers who sign on for multi-year terms. But in those cases, it may be a good idea to have some kind of opt-out be available after the first year.

Return of data — One item that’s critical for cloud customers is to make sure they retain ownership of all their data and will be able to keep all of it after they change providers.

Top Trending Resources

About IT Manager Daily

IT Manager Daily, part of the Catalyst Media Network, provides the latest IT and business technology news for IT professionals in the trenches of small-to-medium-sized businesses. Rather than simply regurgitating the day’s headlines, IT Manager Daily delivers actionable insights, helping IT execs understand what technology trends mean to their business.